Cylance says stopping the hackers is all in the maths

An intelligent approach to cybersecurity.

The technology industry is built on disruption. It thrives on subverting old models and transforming them to cope with evolving challenges. We’ve seen it in everything from media to transportation, but technology also disrupts itself.

Cylance is reinventing cybersecurity using mathematics and machine learning to create a safer form of protection that catches threats before they become a problem.

Cylance was founded in 2012 by Stuart McClure, the author of best-selling cybersecurity practice guide Hacking Exposed. An entrepreneur who had already created and sold Foundstone, an IT security consulting firm, he was well acquainted with cybersecurity and knew how approaches to it were failing.

McClure learned early on how a simple vulnerability can lead to disaster. In 1989, he was a passenger on a Boeing 747 whose front cargo door blew out. Nine people died in the decompression, and the pilot barely managed to save the other passengers. The accident turned out to be the result of a design flaw, and that knowledge spurred McClure to find better ways to secure individuals and organisations.

This journey took him through various companies in the cybersecurity sector as he explored different approaches and architectures. Along the way he realised that design flaws permeate the cybersecurity industry too.

The architecture of traditional cybersecurity products rendered them largely reactive. Vendors analysed each emerging piece of malware, condensing it into a small digital fingerprint that could be stored in a database. They would match any new file that came along against this database to see if it was a threat.

This always left them one step behind cybercriminals, who frequently tested their malware against these tools before releasing it to see if it would go undetected. This made preventing new attacks far more difficult.

None of these tools ever seemed to succeed entirely – and that’s a problem in an industry where attackers only have to succeed once. McClure jokingly took to calling himself the “chief apology officer”, because much of his job seemed to involve briefing clients on how they had been compromised and conducting a post-mortem on the attack.

McClure often didn’t use cybersecurity products, relying instead on knowledge gathered over decades. He knew what to avoid when using computer systems and built up an implicit awareness of the threat vectors facing the average user.

One day a thought struck him: if existing tools were not working and his cybersecurity knowledge protected him, couldn’t he teach computers what he knew? The idea for Cylance was born.

How Cylance works

The problem with teaching computers what you know is that traditionally programmers have had to explain everything explicitly in a series of rules. Implicit knowledge gathered over decades is not describable that way.

To produce a truly preventative tool that would protect users from cybersecurity threats, McClure had to go back to basics and adopt a different architecture. Instead of scanning files and trying to match them against known malicious footprints in a database, he had to teach machines to think like people. Luckily, just such a method was emerging.

Machine learning is a branch of artificial intelligence. The concept has been around since the mid-50s, when scientists gathered at New Hampshire’s Dartmouth College to discuss how machines could simulate human intelligence.

It is only in the last few years that computing resources and software algorithms have developed to the point where computers can process information intuitively, at scale, producing results that human operators may not even be able to explain.

This is the era of machine learning, which has disrupted everything from transportation through to finance. McClure thought it was time to apply it to cybersecurity.

Mathematics lies at the heart of the Cylance method, which breaks down into these key stages: collection, extraction, learning and classification.

Collection

Cylance’s analytical tools rely on large amounts of empirical data. The collection process involves accumulating many files, ranging from Word documents through to PDF and Flash files. These come from a variety of sources to provide a balanced and diverse data set.

Once collected, the files are categorised into three types: valid, malicious, and unknown. This directs the machine learning algorithm so that it knows what it is learning about.

Extraction

This phase involves finding out as much about each individual file as possible by dismantling it and exploring thousands of characteristics. These data points go beyond a file’s creation date, size, and name. The kind of compiler that was used to create it and even key aspects of the logic inside the file are all relevant, and in many cases will change depending on the file’s application format.

These characteristics are then used to build a complex information structure about each file, which serves as the basis for the learning process.

Learning

The learning phase involves analysing millions of characteristics across valid, malicious and unknown files. Represented as numerical values, they result in a statistical model that can be used to analyse any previously unseen files. When it encounters a new file, the model can accurately predict whether it will be malicious or not, based on the tens of millions of files that it has already seen.

This mathematical approach has more than one benefit. Because the machine has learned what to look for in a malicious file, it can prevent new threats even if it has never seen them before. Cylance has spotted new exploits months before human operators in antivirus companies classified them.

Even though the statistical model has been derived from tens of millions of files, it also takes up far less storage space and processing power than traditional databases that document each separate malware signature.
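The four stages described above (collection, extraction, learning, classification), reduced to a runnable sketch. This is an added illustration, not Cylance's code, model or data: the corpus is constructed, the four features are stand-ins for the thousands the article mentions, and the "statistical model" is a plain logistic regression. It also assumes a labelling convention the article does not spell out: "valid" and "malicious" files train the model, and "unknown" files are the previously unseen ones that get classified.

```python
import math
import random

# Constructed corpus (not real malware, not Cylance data): (bytes, label). Assumed
# convention: "valid"/"malicious" train the model, "unknown" files get classified.
_rng = random.Random(7)
_noise = lambda n: bytes(_rng.randrange(256) for _ in range(n))  # packed-code stand-in
_text = lambda n, w=b"config value ": (w * (n // len(w) + 1))[:n]  # document stand-in
CORPUS = [
    (b"MZ" + _text(600), "valid"),
    (b"%PDF-1.4 " + _text(900, b"obj stream endobj "), "valid"),
    (b"MZ" + _text(400, b"Copyright Example Corp "), "valid"),
    (b"MZ" + _noise(600), "malicious"),
    (b"MZ" + _noise(300), "malicious"),
    (_noise(800), "malicious"),
    (b"MZ" + _text(500, b"Hello world "), "unknown"),
    (b"MZ" + _noise(700), "unknown"),
]

def extract(data):
    """Extraction: file bytes -> [log size, byte entropy, printable ratio, MZ header flag]."""
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    printable = sum(1 for b in data if 32 <= b < 127) / n
    return [math.log(n), entropy, printable, 1.0 if data[:2] == b"MZ" else 0.0]

_sigmoid = lambda s: 1 / (1 + math.exp(-max(-30.0, min(30.0, s))))  # clipped: no overflow

def train(samples, epochs=2000, lr=0.1):
    """Learning: logistic regression on z-scored features of the labelled files only."""
    xs, ys = zip(*[(extract(d), float(l == "malicious")) for d, l in samples if l != "unknown"])
    mean = [sum(col) / len(col) for col in zip(*xs)]
    std = [math.sqrt(sum((v - m) ** 2 for v in col) / len(col)) or 1.0 for col, m in zip(zip(*xs), mean)]
    w, b = [0.0] * len(mean), 0.0
    for _ in range(epochs):
        for x, y in zip(xs, ys):  # stochastic gradient descent on log-loss
            z = [(v - m) / s for v, m, s in zip(x, mean, std)]
            g = _sigmoid(sum(wi * zi for wi, zi in zip(w, z)) + b) - y
            w = [wi - lr * g * zi for wi, zi in zip(w, z)]
            b -= lr * g
    return {"w": w, "b": b, "mean": mean, "std": std}

def classify(model, data):
    """Classification: score a previously unseen file, returning (verdict, P(malicious))."""
    z = [(v - m) / s for v, m, s in zip(extract(data), model["mean"], model["std"])]
    p = _sigmoid(sum(wi * zi for wi, zi in zip(model["w"], z)) + model["b"])
    return ("malicious" if p >= 0.5 else "valid", round(p, 3))
```

The model never sees the two "unknown" files during training, yet scores them from the same characteristics it learned on; swapping in richer features (section layout, imports, compiler artefacts) changes only `extract`, not the learning or classification steps.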

Cylance is a pioneer in a market that is fast attracting attention. As players such as Crowdstrike, Darktrace, Invincea and SparkCognition vie for a place in this vibrant new industry, they will all innovate and help to push machine learning technology further.

Customers can only benefit from a new approach that continues to disrupt conventional approaches to cybersecurity.
